This repo contains topics, code snippets, and examples for Fugue's Terraform security masterclass. The focus is on how to use the Regula open source policy engine to prevent misconfigurations and security vulnerabilities from reaching production in your cloud.
Regula is an open source project on GitHub. It builds on OPA and the Rego query language to create an easy-to-use policy engine for resources defined in infrastructure as code (IaC).
Rules written for Regula are usable with both Terraform HCL and Terraform Plans. Regula can easily be run during development (e.g. via pre-commit hooks) or in CI/CD pipelines to check Terraform Plans prior to deployment.
Each topic below includes example source code and commands that show how you can eliminate misconfigurations in your Terraform templates.
Rego is the open source policy language and a key component of the CNCF Open Policy Agent (OPA) project.
- The Rego language
- Rego and Terraform
- Regula and Terraform
- IaC Pre-Commit Checks
- Regula Built-in Rules
- Regula Usage
- Regula Documentation
- Regula Built-In Rules
- The Rego Language
- Pre-Commit Hooks for Git
- Terraform Plan JSON
Fugue helps teams move faster and more securely in the cloud. Our open source projects and SaaS platform help eliminate misconfigurations and ensure security both in IaC templates and for resources running in AWS, Azure, and Google clouds.
You can also check out our careers page if this sounds like something you'd want to help us with!